I hope you’re like me – one who unabashedly admits to belonging in the more geeky and nerdly portion of society. Yet in the world of geeks and nerds there is an elite group. That’s right, it’s the elite set of geeks and nerds who actually get excited about identity management: the authentication and authorization of users across systems. The ability to easily configure who gets access to specific resources in the cloud facilitates better security, project management and cost control without slowing down users. That’s the kind of thing that makes everyone in an organization happy.

In the Grizzly “V3” version of Keystone, the identity service for OpenStack®, there is a new function called Domains. Our team has been working tirelessly with the OpenStack Keystone team to bring you some new innovations.
Mastering Your Domain
Domains in the OpenStack identity world are high-level containers for projects, users and groups. As such, they can be used to centrally manage all Keystone-based identity components. A team with HP's Public Cloud developed the spec for Domains and contributed it to the Keystone community. With the introduction of account Domains, server, storage and other resources can now be logically grouped into multiple Projects (previously called Tenants) which can themselves be grouped under a master account-like container. In addition, multiple users can be managed within an account Domain and assigned roles that vary for each Project. Pretty cool, right?
More Domain Mastery
We also led the implementation for parts of the Keystone V3 authentication protocol and refactored the Keystone authorization system, making it more pluggable. This work represents an essential building block for future additions, including identity federation and multi-factor authentication.
Yep, as you can see, we have been very busy and very productive. You can give the HP Public Cloud a try here and if you happen to meet any of our Keystone gurus at the OpenStack Summit this week or elsewhere, feel free to pass along your thoughts on the coolness of identity domains.